Bug#1119415: marked as done (fig2sxd: please build using the default build flags)

[Debian Bug Tracking System]

Your message dated Fri, 19 Jun 2026 16:04:18 +0000
with message-id <e1wabha-0000000dnfs-1...@fasolo.debian.org>
and subject line Bug#1119415: fixed in fig2sxd 0.24-1
has caused the Debian Bug report #1119415,
regarding fig2sxd: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1119415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: fig2sxd
Version: 0.23-1
User: debian-secur...@lists.debian.org
Usertags: hardening-buildflags

fig2sxd is not currently using the default build flags set by 
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that fig2sxd builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
fig2sxd, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
        dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---

--- Begin Message ---

Source: fig2sxd
Source-Version: 0.24-1
Done: Andreas Tille <ti...@debian.org>

We believe that the bug you reported is fixed in the latest version of
fig2sxd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1119...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <ti...@debian.org> (supplier of updated fig2sxd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Jun 2026 17:38:09 +0200
Source: fig2sxd
Architecture: source
Version: 0.24-1
Distribution: unstable
Urgency: low
Maintainer: Debian PhotoTools Maintainers 
<pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Andreas Tille <ti...@debian.org>
Closes: 1044609 1118128 1119415 1140218
Changes:
 fig2sxd (0.24-1) unstable; urgency=low
 .
   [ Alexander Bürger ]
   * Fix package build.
     Closes: #1044609
 .
   [ Andreas Tille ]
   * New upstream version
   * Maintain in Phototools team
     Closes: #1140218
   * d/watch:
      - Version=5
      - Fix
   * Remove redundant Priority: optional from source stanza.
   * Set debhelper-compat version in Build-Depends.
   * Add debian/upstream/metadata
   * Enable building using the default build flags
     Closes: #1119415
   * d/rules: hardening
   * Suggests: s/openoffice.org/libreoffice-draw/
     Closes: #1118128
   * Standards-Version: 4.7.4
Checksums-Sha1:
 57342dd351192b1a6b2613f55418029909b32845 2013 fig2sxd_0.24-1.dsc
 85fa0e47bcb553ecec3096d84ab2f7321a17c30b 680476 fig2sxd_0.24.orig.tar.xz
 e62d1d66525964419e947c38de2dca2b62f1604f 3832 fig2sxd_0.24-1.debian.tar.xz
 47bd626dabc0a8088d79ab530014b47d366a5c4f 5922 fig2sxd_0.24-1_amd64.buildinfo
Checksums-Sha256:
 0bcd838ff1ca5295acdb9c298a17152e2df597c04500f24b281a4b58036c8cbe 2013 
fig2sxd_0.24-1.dsc
 014ef9f0f49bbeea06ca18771e4bfd2d301d9eb2b9618c1c30fe846d53321b46 680476 
fig2sxd_0.24.orig.tar.xz
 adc3ee4b660af5b4a5479dc411b1f890fb7a99eeb83963d834bc680e898bca97 3832 
fig2sxd_0.24-1.debian.tar.xz
 ce7eb6733f016231cb66af8474328098f63d8860d06ece64a5cbe6c6281cfde5 5922 
fig2sxd_0.24-1_amd64.buildinfo
Files:
 0872fbb4e310b78a2fc54c2dbd309f0c 2013 graphics optional fig2sxd_0.24-1.dsc
 5146dba3f3f98733b4b8f0a57711b673 680476 graphics optional 
fig2sxd_0.24.orig.tar.xz
 9033b10f2f61d3f1729df519c28d5639 3832 graphics optional 
fig2sxd_0.24-1.debian.tar.xz
 42cf0d34c678109c15f4ad08f6aa2e80 5922 graphics optional 
fig2sxd_0.24-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmo1Y6ARHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtEoqA/+NxApDgl7vQiTLjE9yWK6SLGYjTb13KX5
M4MXiF7m+ahtRiswJ4+pVT8Pl6qd0dWuFPyPG2eer6rlqL65vGjQToKdrLWerZPo
d5F3j2bZdhj/6c7pM9MRPfGT0hDVC2JTsdfgUC7EDFbHDVbwbeaGFfnuaENjaSGm
/Y0gzOENQgzNISn890EvmdiQcWmEvG3oZZXmZ57zVNUuGr24Fym9+UwyM5La7TFb
MZJYUntGEqb8fXIOSD5vuFV8RzPBY7OPTLhd6RMnAkDFHJrfsHXo0bLWraCW5TWv
hgn/PsMJ0CGQ9RmnzsAbSgIdkOrgjFHxDdbnbTYgqn3KjZQ/nJwRsaIPa+xHc7uA
QrGiwknXFAhgYtRSow85vhORbvvkfPM80nYpS3l53JtdvrzUOjwt8n1AVyoMNYkf
n+X8logiPRndJdN8soZ8onAqofMXmfquv9V8MPlo4251xfoGAFsqKak+NvtgUcNJ
WG3868S72F/5d2LVPdEqBPJ188RU0p0v9sXm6C53YXb5Toz3NpjVrLG8qyMzrJyQ
dWJXBLsUXM4tg67EMiw9i545AQp/ru8io09zWD+c7Sr2Yjm5myxgz7U3cpL3zZkD
GtVjygs5Zw7LqBC+G6czSD2Zh7gDDCghDOJYN3yHxvBU4Ivt+4QGggRiDHnRlAgj
tw11HxfCAiU=
=FyWu
-----END PGP SIGNATURE-----

pgpMPbkXpdKAH.pgp
Description: PGP signature

--- End Message ---